An effective way to limit an operator's access to tags within the tag browser, based on their group membership, is to use a Realm Area.
Quick review:
Each tag in an application, other than the modem tags, should be part of an area. (See: Use the Area Property to Help You Sort Tags).
Tying the groups and the areas together is the concept of a Realm Area. Proceed with caution: the word "Realm" is also used when configuring a VTS Internet Server and has a different meaning there, although there is a direct link to this discussion.
For the purposes of setting Group privileges based on Area, think of "Realm Area" as meaning the same as "Group Area".
Realm Areas are normally defined in an application's CONFIG.INI file, but may also be defined in a workstation.ini file as described in the Programmer’s Guide. To define a realm area you will add a series of sections with [RealmAreas] headings - one section for each group.
To illustrate this concept, suppose we have a VTS application with three areas: Water Plant A (PlantA), Water Plant B (PlantB) and a Water Distribution System (Distribution).
We employ two groups of operators: Those who manage PlantA and those who control PlantB. Both need to see and respond to alarms from the Distribution system. Therefore, two user groups have been defined: op_PlantA and op_PlantB.
The following code example shows how Realm Areas would be added to the CONFIG.INI (or workstation.ini) file for this hypothetical application.
Note: When adding the [RealmAreas] sections to the config.ini file, it is important to always define one realm area with wildcard (*) values, for use by the administrative user. This wildcard grants the administrative user access to all areas.
[*-REALMAREAS]
Area = *
[OP_PLANTA-REALMAREAS]
Area = PlantA
Area = Distribution
[OP_PLANTB-REALMAREAS]
Area = PlantB
Area = Distribution
Note the structure of the sections: In square brackets we put the name of the Realm Area / Group followed by a dash and the keyword REALMAREAS.
Below that are a series of lines where we list the areas that will be available to that Realm Area / Group.
When a user belonging to the plant A operators group logs in and looks at the tag browser, he will be able to view the tags and alarms for the PlantA area and the Distribution area, but not the PlantB area. On the application pages, he will still see and be able to use and configure all tags.
You may define as many Realm / Group / Realm Area combinations as you need.
Wildcards and Realm Areas
Note carefully the first declaration in the example:
[*-REALMAREAS]
Area = *
This declaration, using wildcards, allows any operator who does not have a group defined (e.g. a manager) to view tags belonging to all areas.
NOTE: Whether or not the operator can also see tags that have no area defined depends on whether the configuration variable RealmAreasExcludeInvalid is set to 0 (undefined areas not excluded from view) or to 1 (undefined areas are excluded from view). By default, this variable is set to 1, meaning that undefined areas will be hidden from view.
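The following Python script is an added example, not part of VTS or of the original page. It reads the [GROUP-REALMAREAS] sections shown above, accumulating the repeated Area keys that a standard INI parser would reject or collapse, and reports a missing wildcard section, wildcard grants on named groups, and misspelled areas. The function names, the fallback to the wildcard section for groups without their own section, and the exact-match area comparison are assumptions made for illustration.

```python
import re

# Constructed sample: the CONFIG.INI fragment shown on this page.
SAMPLE_INI = """\
[*-REALMAREAS]
Area = *
[OP_PLANTA-REALMAREAS]
Area = PlantA
Area = Distribution
[OP_PLANTB-REALMAREAS]
Area = PlantB
Area = Distribution
"""

SECTION = re.compile(r"^\[(.+)-REALMAREAS\]$", re.IGNORECASE)

def parse_realm_areas(text):
    """Return {GROUP: [areas]}; repeated 'Area' keys are accumulated."""
    realms, current = {}, None
    for raw in text.splitlines():
        line = raw.strip()
        if line.startswith("["):
            # Only sections named <group>-REALMAREAS are of interest.
            m = SECTION.match(line)
            current = m.group(1).upper() if m else None
            if current is not None:
                realms.setdefault(current, [])
            continue
        key, sep, value = line.partition("=")
        if current is not None and sep and key.strip().lower() == "area":
            realms[current].append(value.strip())
    return realms

def visible_areas(realms, group):
    """Areas listed for a group; assumed fallback to the '*' section."""
    return realms.get(group.upper(), realms.get("*", []))

def audit(realms, known_areas):
    """Return findings worth reviewing before the file is deployed."""
    findings = []
    if realms.get("*") != ["*"]:
        findings.append("no [*-REALMAREAS] section with Area = *")
    for group, areas in realms.items():
        if group != "*" and "*" in areas:
            findings.append(f"{group}: wildcard grants every area")
        for area in areas:
            # Exact-match comparison against the tag areas (assumption).
            if area != "*" and area not in known_areas:
                findings.append(f"{group}: unknown area {area!r}")
    return findings
```

Pass the set of area names actually used by the application's tags as known_areas; a misspelled area in a realm section otherwise fails silently by hiding the intended tags and alarms from that group.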
Realm Areas and the VTS Internet Server
Taking this concept one step further, if we configure the computer running the application as a VTS Internet Server (VTS/IS) so that operators can connect via the internet from a VTS Internet Client workstation (VIC), then we would do the following:
On the VTS server, add one realm for each group. Each realm must be given the same name as the group, and must include a reference to this application.
An operator can then connect to the application using a URL that includes the name of the Realm he is connecting to. For example, to connect to the Plant1Op Realm / Group, he would use the address: http://www.yourdomain/supplyop. Note that he can now connect only to the realm that has a name matching the group he is a member of.
Note: Restricting group access to areas does not mean that the operators cannot see the tags belonging to areas outside of their group's defined realm area. It does mean that they cannot see or acknowledge alarms resulting from those tags. It also restricts their ability to use the tags in reports and the trends screen.